The operating system must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33117	SRG-OS-000137-NA	SV-43515r1_rule		Medium

Description
The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process. Rationale for non-applicability: For the purposes of this IA control, a mobile OS is assumed to support a single user security domain.

Description

The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process. Rationale for non-applicability: For the purposes of this IA control, a mobile OS is assumed to support a single user security domain.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41376r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37017r1_fix)
The requirement is NA. No fix is required.